Disclaimer - I don't often use WP and am somewhat limited in my knowledge of it;s inner workings, please don't many assumptions of my knowledge and explain everything as clearly as you can
I inherited a WP site, that last week stopped loading CSS/JS without me, or any other developers touching it. The developer who created the site I believe was unskilled and very "plug-in happy". There are many freemium plug-ins installed (the dashboard is littered with "upgrade now" boxes.
The issue is that the siteurl option appears to have been changed to this domain under the options table in the database, which was causing the page to try and load any images, CSS or JS from this domain.
I'm assuming the issue was caused by a plug-in automatically making the change - I'm not sure if this is something that can happen or not, however I rolled the site back to a back-up and this appeared to fix the issue. Two days later the issue crept back in. I have since accessed the database directly and updated the option. I am hoping to find out what the root cause is and how to stop it, in case this continues to happen in future.
Thank you for your time.
Disclaimer - I don't often use WP and am somewhat limited in my knowledge of it;s inner workings, please don't many assumptions of my knowledge and explain everything as clearly as you can
I inherited a WP site, that last week stopped loading CSS/JS without me, or any other developers touching it. The developer who created the site I believe was unskilled and very "plug-in happy". There are many freemium plug-ins installed (the dashboard is littered with "upgrade now" boxes.
The issue is that the siteurl option appears to have been changed to this domain under the options table in the database, which was causing the page to try and load any images, CSS or JS from this domain.
I'm assuming the issue was caused by a plug-in automatically making the change - I'm not sure if this is something that can happen or not, however I rolled the site back to a back-up and this appeared to fix the issue. Two days later the issue crept back in. I have since accessed the database directly and updated the option. I am hoping to find out what the root cause is and how to stop it, in case this continues to happen in future.
Thank you for your time.
I would first remove any plugins that are not needed, or any that haven't been updated for a while. Then I would install all updates (themes and plugins) and reinstall WP (all from the Admin, Update screen). That will get you a fresh install of WP and plugins/themes.
Then I would manually look at all site folders for files that are not the current date (all 'good' files would have today's date, because you updated everything). (I might even go so far as to reinstall plugins/themes from the WP repository, if there were no updates. That gets you current on everything.) Any file with a date outside of today would be looked at for nefarious code.
Then I would change all user credentials (WP admins at the very least), plus hosting account and FTP users, using strong (and new and different for each account) passwords.
That should clear up any possible bad code. Then I'd look at the page source of a few pages and see if there is any possible code that is not supposed to be there.
The result should be a 'clean' site. Then monitor the site to ensure 'cleanliness'.
siteurloption unless it has malicious intent. Unless something else is going on here, like perhaps a CDN that went on the fritz, I would have someone more experienced investigate to see whether it has indeed been compromised. – WebElaine Commented Nov 28, 2018 at 22:44